Multiple Threat Detection (System 32\drivers\atapi.sys with Virus Win32/Patched.CG)



LightEvangeline
2010-04-02, 15:45
Hello, I'm here to find some help for a problem that has been happening to me since this past Monday... I will explain it so that you know everything that I did and what happened...

On Monday I got PC Defender and luckily I removed it before it caused any pain to the computer... but somehow a registry key wasn't fully deleted but was quarantined by Malwarebytes, so I let it be... Sadly, the next day I got another very similar virus called Win7 Defender, and it got my computer to the point of not even being able to open any program or install one.

So... what I did was a noob system restore... to be able at least to open the program and delete it... I opened Malwarebytes that time and everything was fully deleted, but it seems that some other problems persist...

My Google browser opens but doesn't show me anything more than a blank page, loading and loading with nothing appearing, and my iTunes program needs configuration every time I open it, even though in the end the program does open nonetheless.

After that I got the ad.yielshielder.com threat, which I removed with Spyhunter, but now I have this one in my drivers, according to a notification from AVG.

All programs and conditions are:

Windows: Windows 7 Ultimate
Spyware/Malware installed: Spybot Search and Destroy, Malwarebytes, Prevx 3.0, Spyware Doctor and Spyhunter 3
Antivirus: AVG 9.0

So, I would really like to have this corrected... Another thing I wanted to mention is that somehow this driver was infected once before and was deleted when it was detected by a backdoor. I remember that my Windows needed to configure itself again, but in the end another noob system restore was also done to recover. But now it's infected again and I don't know what to do... even more so when I run all my programs and they don't detect anything, saying that my system is clear...

This is what appears on my anti-virus: http://img535.imageshack.us/img535/2892/avga.jpg

I also did what was mentioned... I ran ERUNT but the program couldn't save the entire registry... It failed on some from what was said. And my Hijackthis Log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:18, on 02-04-2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Program Files\Datel\Action Replay Code Manager\ActionReplayCodeManager.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
D:\Programas\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program

Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files

\Winamp Toolbar\winamptb.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files

\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:

\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files

\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program

Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files

\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files

\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp

Toolbar\winamptb.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program

Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Logan_S2P] C:\Program Files\Samsung\Samsung SCX-4500 Series\SPanel\PSU

\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office

\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader

\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update

\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows

\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier

\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Angel\AppData\Local\Google\Update\GoogleUpdate.exe"

/c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol

120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common

Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User

'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO

LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User

'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Serviço de

rede')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration

\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar

\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:

\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:

\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:

\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot

- Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-

A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files

\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG

\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile

Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG

\AVG9\avgwdsvc.exe
O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour

\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware

Doctor\BDT\BDTUpdateService.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files

\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin

\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp

\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib

\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware

Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware

Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files

\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 11798 bytes


Please...help me...

IndiGenus
2010-04-05, 00:28
Hello LightEvangeline and welcome to the forums.

Could you first do me a favor and turn off word wrap in Notepad. Click Format, and uncheck Word Wrap. Thanks

Run OTL

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Under the Custom Scan box paste this in


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
CREATERESTOREPOINT


Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


Run GMER:

Download this file (http://www.gmer.net/download.php). Note its name and save it to your root folder, such as C:\.


Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
Select all drives that are connected to your system to be scanned.
Click the Scan button to begin. (Please be patient as it can take some time to complete)
When the scan is finished, click Save to save the scan results to your Desktop.
Save the file as Results.log and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.
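
The `/md5start` ... `/md5stop` block in the Custom Scan above asks OTL to report MD5 hashes for the named system files, `atapi.sys` among them. As an added example (not part of the original post and not OTL's own code), this Python code makes the same kind of comparison over a directory tree, such as an offline-mounted copy of the Windows volume: it hashes every copy of the watched names and reports the names whose copies disagree. The function names, the shortened watch list and the constructed sample tree are assumptions of this example.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Subset of the file names listed between /md5start and /md5stop in the reply.
WATCHED = ("atapi.sys", "iaStor.sys", "nvstor.sys", "eventlog.dll",
           "scecli.dll", "netlogon.dll")


def md5_of(path, chunk_size=1 << 20):
    """Return the hex MD5 of a file, read in chunks so large files are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def find_copies(root, names=WATCHED):
    """Map each watched name (lower-cased) to [(path, md5 or None), ...]."""
    wanted = {name.lower() for name in names}
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            key = filename.lower()  # Windows file names are case-insensitive
            if key not in wanted:
                continue
            full = os.path.join(dirpath, filename)
            try:
                copies[key].append((full, md5_of(full)))
            except OSError:
                # An unreadable system file is itself worth a second look.
                copies[key].append((full, None))
    return {name: sorted(entries, key=lambda entry: entry[0])
            for name, entries in copies.items()}


def mismatched(copies):
    """Return only the names whose copies do not all share one digest."""
    return {name: entries for name, entries in copies.items()
            if len({digest for _path, digest in entries}) > 1}


def build_constructed_tree(root):
    """Write a small constructed tree standing in for a mounted volume."""
    layout = {
        ("Windows", "System32", "drivers", "atapi.sys"):
            b"constructed driver body +patch",
        ("Windows", "winsxs", "x86_constructed_store", "ATAPI.SYS"):
            b"constructed driver body",
        ("Windows", "System32", "netlogon.dll"): b"constructed dll body",
        ("Windows", "winsxs", "x86_constructed_dll", "netlogon.dll"):
            b"constructed dll body",
        ("Windows", "System32", "notepad.exe"): b"not on the watch list",
    }
    for parts, data in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_constructed_tree(sample_root)
        for name, entries in mismatched(find_copies(sample_root)).items():
            print(f"{name}: copies differ")
            for path, digest in entries:
                print(f"  {digest or 'UNREADABLE'}  {path}")
```

A mismatch is a lead, not a verdict: the component store can legitimately hold several versions of a driver after updates, so compare the odd digest against a known-good copy from the same Windows build. Hashes taken on a running, infected system can also be falsified by a kernel-mode rootkit, which is why reading the files from an offline mount is the more reliable input.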

LightEvangeline
2010-04-05, 03:32
Hello IndiGenus! ^^

Thanks for welcoming me! I ran the programs you asked me to, and here are the logs:

OTL logfile created on: 05-04-2010 00:21:59 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Angel\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 200,00 Gb Total Space | 160,12 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
Drive D: | 265,66 Gb Total Space | 128,78 Gb Free Space | 48,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANGEL-PC
Current User Name: Angel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-04-05 00:16:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
PRC - [2010-04-02 09:40:53 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG9\avgchsvx.exe
PRC - [2010-03-31 00:08:04 | 006,349,008 | ---- | M] (Prevx) -- C:\Programas\Prevx\prevx.exe
PRC - [2010-03-23 18:40:32 | 000,967,888 | ---- | M] () -- C:\Programas\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programas\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-03-15 14:26:03 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG9\avgrsx.exe
PRC - [2010-03-15 14:26:02 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG9\avgnsx.exe
PRC - [2010-03-15 14:26:01 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG9\avgwdsvc.exe
PRC - [2010-03-15 14:25:39 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programas\AVG\AVG9\avgcsrvx.exe
PRC - [2010-03-15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Programas\Spyware Doctor\pctsSvc.exe
PRC - [2010-03-11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Programas\Spyware Doctor\pctsAuxs.exe
PRC - [2010-03-09 09:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Programas\Spyware Doctor\pctsTray.exe
PRC - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programas\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-08-18 03:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-07-14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programas\Windows Media Player\wmpnetwk.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programas\Windows Sidebar\sidebar.exe
PRC - [2008-10-25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007-08-03 13:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Programas\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007-08-03 13:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programas\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007-07-05 09:42:14 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2007-06-11 00:58:45 | 000,253,952 | ---- | M] () -- C:\Programas\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe
PRC - [2002-12-17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Programas\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe


========== Modules (SafeList) ==========

MOD - [2010-04-05 00:16:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-03-31 00:08:04 | 006,349,008 | ---- | M] (Prevx) [Auto | Running] -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010-03-23 18:40:32 | 000,967,888 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010-03-19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010-03-15 14:26:01 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010-03-15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programas\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010-03-11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programas\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010-01-22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009-12-23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-08-18 03:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) Protocolo PNRP (Peer Name Resolution Protocol)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2005-02-09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)
SRV - [2002-12-17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002-12-17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - [2002-12-17 18:23:30 | 000,066,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programas\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programas\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://pt.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 17 5F 2F E0 D0 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programas\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Winamp Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: pt-PT@dictionaries.addons.mozilla.org:9.10.13.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-03-15 14:32:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-03 02:52:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-03 02:52:04 | 000,000,000 | ---D | M]

[2010-03-02 01:27:10 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\mozilla\Extensions
[2010-04-04 10:29:11 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\mozilla\Firefox\Profiles\dli7mged.default\extensions
[2010-04-02 01:14:37 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Angel\AppData\Roaming\mozilla\Firefox\Profiles\dli7mged.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010-04-02 01:09:18 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Angel\AppData\Roaming\mozilla\Firefox\Profiles\dli7mged.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010-04-02 01:14:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Angel\AppData\Roaming\mozilla\Firefox\Profiles\dli7mged.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-03-02 14:37:13 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\mozilla\Firefox\Profiles\dli7mged.default\extensions\pt-PT@dictionaries.addons.mozilla.org
[2010-04-01 00:10:40 | 000,001,196 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\Mozilla\FireFox\Profiles\dli7mged.default\searchplugins\winamp-search.xml
[2010-04-03 01:27:34 | 000,000,000 | ---D | M] -- C:\Programas\Mozilla Firefox\extensions
[2010-01-13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010-04-02 02:21:15 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programas\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programas\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Programa Auxiliar de Início de Sessão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programas\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programas\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programas\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programas\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Logan_S2P] C:\Programas\Samsung\Samsung SCX-4500 Series\SPanel\PSU\Scan2pc.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programas\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programas\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.228.128.99 213.228.128.5
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-03-06 13:44:28 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dialtall - (C:\Windows\system32\browburn.dll) - C:\Windows\System32\browburn.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009-07-14 03:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010-04-05 00:16:52 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2010-04-03 01:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010-04-03 01:31:59 | 000,000,000 | ---D | C] -- C:\Programas\Common Files\ParetoLogic
[2010-04-03 01:11:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-04-03 01:11:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010-04-03 01:11:31 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\temp
[2010-04-03 00:52:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-04-02 22:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010-04-02 22:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010-04-02 22:22:41 | 000,000,000 | ---D | C] -- C:\Programas\COMODO
[2010-04-02 13:24:42 | 000,000,000 | ---D | C] -- C:\Programas\ERUNT
[2010-04-02 02:21:10 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Threat Expert
[2010-04-02 02:20:52 | 000,000,000 | ---D | C] -- C:\Programas\Enigma Software Group
[2010-04-01 17:40:54 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Apps
[2010-04-01 00:41:17 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010-04-01 00:41:16 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010-04-01 00:41:16 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010-04-01 00:39:44 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010-04-01 00:39:44 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010-04-01 00:39:34 | 000,217,032 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010-04-01 00:39:34 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010-04-01 00:39:25 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010-04-01 00:13:37 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\Winamp Toolbar
[2010-04-01 00:09:59 | 000,000,000 | ---D | C] -- C:\Programas\Winamp Detect
[2010-04-01 00:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Winamp Toolbar
[2010-04-01 00:09:49 | 000,000,000 | ---D | C] -- C:\Programas\Winamp Toolbar
[2010-04-01 00:09:01 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Winamp
[2010-04-01 00:09:01 | 000,000,000 | ---D | C] -- C:\Programas\Winamp
[2010-03-31 14:58:52 | 000,000,000 | ---D | C] -- C:\Programas\iTunes
[2010-03-31 14:58:52 | 000,000,000 | ---D | C] -- C:\Programas\iPod
[2010-03-31 14:58:04 | 000,000,000 | ---D | C] -- C:\Programas\QuickTime
[2010-03-31 14:57:50 | 000,000,000 | ---D | C] -- C:\Programas\Apple Software Update
[2010-03-31 13:51:23 | 000,000,000 | ---D | C] -- C:\Programas\Datel
[2010-03-31 00:39:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010-03-31 00:09:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010-03-31 00:08:06 | 000,053,160 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010-03-31 00:08:05 | 000,053,088 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010-03-31 00:08:05 | 000,030,280 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010-03-31 00:08:05 | 000,024,368 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010-03-31 00:08:04 | 000,000,000 | ---D | C] -- C:\Programas\Prevx
[2010-03-31 00:06:26 | 000,000,000 | ---D | C] -- C:\Programas\Bonjour
[2010-03-30 23:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2010-03-30 23:46:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-03-30 23:46:04 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-03-30 21:53:25 | 000,000,000 | ---D | C] -- C:\Users\Angel\DoctorWeb
[2010-03-30 21:29:53 | 000,000,000 | ---D | C] -- C:\Programas\Spyware Doctor
[2010-03-30 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\PC Tools
[2010-03-30 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010-03-30 21:29:53 | 000,000,000 | ---D | C] -- C:\Programas\Common Files\PC Tools
[2010-03-30 21:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010-03-30 21:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010-03-29 16:48:30 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Malwarebytes
[2010-03-29 16:48:24 | 000,000,000 | ---D | C] -- C:\Programas\Malwarebytes' Anti-Malware
[2010-03-29 16:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-03-23 18:39:52 | 000,218,560 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys

========== Files - Modified Within 14 Days ==========

[2010-04-05 00:24:17 | 002,359,296 | -HS- | M] () -- C:\Users\Angel\ntuser.dat
[2010-04-05 00:21:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2437898117-1398365205-3809017347-1000UA.job
[2010-04-05 00:18:26 | 000,293,376 | ---- | M] () -- C:\wh9clqzz.exe
[2010-04-05 00:17:38 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-04-05 00:17:38 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-04-05 00:16:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2010-04-05 00:14:33 | 001,565,554 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-04-05 00:14:33 | 000,687,716 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2010-04-05 00:14:33 | 000,624,822 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-04-05 00:14:33 | 000,138,072 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2010-04-05 00:14:33 | 000,111,054 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-04-05 00:10:14 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-04-05 00:10:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-04-05 00:10:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-04-05 00:09:59 | 2717,310,976 | -HS- | M] () -- C:\hiberfil.sys
[2010-04-05 00:09:01 | 004,931,071 | -H-- | M] () -- C:\Users\Angel\AppData\Local\IconCache.db
[2010-04-04 23:41:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-04-04 22:10:02 | 058,534,321 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010-04-04 11:14:10 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010-04-03 21:59:54 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010-04-03 14:21:01 | 000,000,980 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2437898117-1398365205-3809017347-1000Core.job
[2010-04-03 02:05:21 | 000,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010-04-03 01:42:19 | 000,002,178 | ---- | M] () -- C:\rollback.ini
[2010-04-03 01:08:03 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010-04-02 22:22:55 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010-04-02 14:44:54 | 000,000,110 | ---- | M] () -- C:\Users\Angel\Documents\ax_files.xml
[2010-04-02 13:45:07 | 000,043,008 | ---- | M] () -- C:\Windows\System32\browburn.dll
[2010-04-02 13:24:53 | 000,001,078 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010-04-02 13:24:45 | 000,000,879 | ---- | M] () -- C:\Users\Angel\Desktop\ERUNT.lnk
[2010-04-02 02:42:56 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2010-04-02 02:21:15 | 000,000,822 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010-04-01 00:39:44 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010-03-31 00:08:06 | 000,053,160 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll
[2010-03-31 00:08:05 | 000,053,088 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010-03-31 00:08:05 | 000,030,280 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys
[2010-03-31 00:08:05 | 000,024,368 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys
[2010-03-30 23:57:19 | 000,002,255 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010-03-30 23:46:09 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-03-30 22:39:16 | 000,524,288 | -HS- | M] () -- C:\Users\Angel\ntuser.dat{371035c3-3c44-11df-b635-001e8c806c96}.TMContainer00000000000000000002.regtrans-ms
[2010-03-30 22:39:16 | 000,524,288 | -HS- | M] () -- C:\Users\Angel\ntuser.dat{371035c3-3c44-11df-b635-001e8c806c96}.TMContainer00000000000000000001.regtrans-ms
[2010-03-30 22:39:16 | 000,065,536 | -HS- | M] () -- C:\Users\Angel\ntuser.dat{371035c3-3c44-11df-b635-001e8c806c96}.TM.blf
[2010-03-30 17:37:28 | 000,011,466 | -HS- | M] () -- C:\ProgramData\J7Qo
[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-03-26 19:29:20 | 000,010,332 | ---- | M] () -- C:\Users\Angel\AppData\Roaming\SmarThruOptions.xml
[2010-03-23 18:39:52 | 000,218,560 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys

========== Files Created - No Company Name ==========

[2010-04-05 00:18:26 | 000,293,376 | ---- | C] () -- C:\wh9clqzz.exe
[2010-04-03 01:42:43 | 000,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010-04-03 01:42:19 | 000,002,178 | ---- | C] () -- C:\rollback.ini
[2010-04-03 00:53:16 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010-04-03 00:53:16 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-04-02 22:22:55 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010-04-02 13:45:07 | 000,043,008 | ---- | C] () -- C:\Windows\System32\browburn.dll
[2010-04-02 13:24:53 | 000,001,078 | ---- | C] () -- C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010-04-02 13:24:45 | 000,000,879 | ---- | C] () -- C:\Users\Angel\Desktop\ERUNT.lnk
[2010-04-02 02:42:56 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2010-04-01 21:27:54 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010-04-01 00:41:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010-04-01 00:41:17 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010-04-01 00:41:17 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010-04-01 00:41:17 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010-04-01 00:41:16 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010-04-01 00:39:44 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010-04-01 00:39:34 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010-04-01 00:39:34 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010-04-01 00:39:28 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010-04-01 00:39:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010-03-30 23:46:09 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-03-30 22:36:17 | 000,524,288 | -HS- | C] () -- C:\Users\Angel\ntuser.dat{371035c3-3c44-11df-b635-001e8c806c96}.TMContainer00000000000000000002.regtrans-ms
[2010-03-30 22:36:16 | 000,524,288 | -HS- | C] () -- C:\Users\Angel\ntuser.dat{371035c3-3c44-11df-b635-001e8c806c96}.TMContainer00000000000000000001.regtrans-ms
[2010-03-30 22:36:16 | 000,065,536 | -HS- | C] () -- C:\Users\Angel\ntuser.dat{371035c3-3c44-11df-b635-001e8c806c96}.TM.blf
[2010-03-30 16:40:16 | 000,011,466 | -HS- | C] () -- C:\ProgramData\J7Qo
[2010-03-06 15:15:30 | 000,000,024 | ---- | C] () -- C:\ProgramData\__FileUploader.log
[2010-03-06 14:30:12 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
[2010-03-06 13:44:28 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2010-03-06 13:44:28 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2010-03-06 13:44:28 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2010-03-06 13:44:28 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2010-03-06 13:44:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2010-03-05 20:06:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010-03-05 20:06:30 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010-03-05 20:06:30 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010-03-05 20:06:29 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-03-05 20:06:29 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010-03-02 17:24:37 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010-03-02 00:33:45 | 000,010,332 | ---- | C] () -- C:\Users\Angel\AppData\Roaming\SmarThruOptions.xml
[2010-03-02 00:33:41 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2010-03-02 00:33:37 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2010-03-02 00:33:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2010-03-02 00:32:05 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sx450sl3.dll
[2010-03-02 00:31:38 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll
[2010-03-02 00:31:38 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2010-03-02 00:31:38 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll
[2010-03-02 00:31:38 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll
[2010-03-02 00:10:20 | 002,359,296 | -HS- | C] () -- C:\Users\Angel\ntuser.dat
[2010-03-02 00:10:20 | 000,524,288 | -HS- | C] () -- C:\Users\Angel\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010-03-02 00:10:20 | 000,524,288 | -HS- | C] () -- C:\Users\Angel\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010-03-02 00:10:20 | 000,262,144 | -HS- | C] () -- C:\Users\Angel\ntuser.dat.LOG1
[2010-03-02 00:10:20 | 000,065,536 | -HS- | C] () -- C:\Users\Angel\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010-03-02 00:10:20 | 000,000,020 | -HS- | C] () -- C:\Users\Angel\ntuser.ini
[2010-03-02 00:10:20 | 000,000,000 | -HS- | C] () -- C:\Users\Angel\ntuser.dat.LOG2
[2009-10-26 04:44:50 | 000,270,336 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2009-10-26 04:44:50 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2009-10-26 04:44:50 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2009-10-26 04:44:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008-07-16 19:51:00 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2006-10-11 04:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2004-08-13 10:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010-03-04 21:53:52 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\DeepBurner
[2010-03-06 14:29:46 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\proDAD
[2010-03-02 17:32:45 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Publish Providers
[2010-03-02 00:33:45 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\SmarThru4
[2010-03-08 20:33:08 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Sony
[2010-03-06 13:14:46 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Sony Setup
[2010-04-05 00:19:33 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\uTorrent
[2010-04-03 02:05:21 | 000,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2009-07-14 05:53:46 | 000,022,376 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010-04-05 00:18:26 | 000,293,376 | ---- | M] () -- C:\wh9clqzz.exe


< MD5 for: AGP440.SYS >
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010-04-02 14:17:11 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2010-04-02 14:17:11 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009-07-14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009-07-14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009-07-14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009-07-14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-07-14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009-07-14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009-07-14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

OTL Extras logfile created on: 05-04-2010 00:21:59 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Angel\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 200,00 Gb Total Space | 160,12 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
Drive D: | 265,66 Gb Total Space | 128,78 Gb Free Space | 48,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANGEL-PC
Current User Name: Angel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20B05668-C9F0-4469-AEF4-14DF41D6ACB6}" = Windows Live Messenger
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}" = Assistente de Início de Sessão do Windows Live
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2BC9740C-F4F1-4C90-B72E-3F9EDB694309}" = Livestream Procaster
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{418001D0-F48E-4910-966C-0DCCC996A87A}" = Windows Live Call
"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50CEA963-2745-46A8-BE71-767F2B36FEF2}" = Windows Live Essentials
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF2070}" = Nero 8
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_ENTERPRISE_{C312E1CD-EC19-4270-A072-F36F634DFF79}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
"{90120000-0044-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_ENTERPRISE_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
"{90120000-00A1-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
"{90120000-00BA-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3 - Português
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DDC2B636-4F9F-4241-9B15-4DF12C97CF4A}" = Studio 11
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AMCap" = AMCap
"AVG9Uninstall" = AVG Free 9.0
"AVI MPEG Converter 3" = AVI MPEG Converter 3
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NewBlue 3D Explosions for Vegas" = NewBlue 3D Explosions for Vegas
"NewBlue 3D Transformations for Vegas" = NewBlue 3D Transformations for Vegas
"NewBlue Art Effects 2.0 for Vegas" = NewBlue Art Effects 2.0 for Vegas
"NewBlue Film Effects for Vegas" = NewBlue Film Effects for Vegas
"NewBlue Motion Effects 2.0 for Vegas" = NewBlue Motion Effects 2.0 for Vegas
"PCSI" = Prevx
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"Samsung SCX-4500 Series" = Samsung SCX-4500 Series
"Spyware Doctor" = Spyware Doctor 7.0
"uTorrent" = µTorrent
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Detector Plug-in

LightEvangeline
2010-04-05, 03:42
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03-04-2010 10:26:50 | Computer Name = Angel-PC | Source = MsiInstaller | ID = 11923
Description =

Error - 03-04-2010 10:26:50 | Computer Name = Angel-PC | Source = MsiInstaller | ID = 11923
Description =

Error - 03-04-2010 10:26:51 | Computer Name = Angel-PC | Source = MsiInstaller | ID = 11923
Description =

Error - 03-04-2010 10:26:55 | Computer Name = Angel-PC | Source = MsiInstaller | ID = 11923
Description =

Error - 04-04-2010 02:41:05 | Computer Name = Angel-PC | Source = Google Update | ID = 20
Description =

Error - 04-04-2010 03:21:05 | Computer Name = Angel-PC | Source = Google Update | ID = 20
Description =

Error - 04-04-2010 03:41:05 | Computer Name = Angel-PC | Source = Google Update | ID = 20
Description =

Error - 04-04-2010 04:21:05 | Computer Name = Angel-PC | Source = Google Update | ID = 20
Description =

Error - 04-04-2010 04:24:39 | Computer Name = Angel-PC | Source = Application Error | ID = 1000
Description = Nome da aplicação com falha: Explorer.EXE, versão: 6.1.7600.16450,
carimbo de data/hora: 0x4aeba271 Nome do módulo com falha: DivXMFSource.dll, versão:
1.0.0.53, carimbo de data/hora: 0x4ae0bd84 Código de excepção: 0xc0000005 Desvio
de falha: 0x0004cc36 ID do processo com falha: 0x7b8 Data/hora de início da aplicação
com falha: 0x01cad3bfb32c6f77 Caminho da aplicação com falha: C:\Windows\Explorer.EXE
Caminho
do módulo com falha: C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll
ID
do Relatório: 82cac4a3-3fc3-11df-aac9-001e8c806c96

Error - 04-04-2010 04:41:05 | Computer Name = Angel-PC | Source = Google Update | ID = 20
Description =

[ Media Center Events ]
Error - 04-04-2010 02:29:12 | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 07:29:12 - Erro ao ligar à Internet. 07:29:12 - Não é possível
contactar o servidor..

Error - 04-04-2010 02:29:24 | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 07:29:18 - Erro ao ligar à Internet. 07:29:18 - Não é possível
contactar o servidor..

Error - 04-04-2010 03:29:29 | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 08:29:29 - Erro ao ligar à Internet. 08:29:29 - Não é possível
contactar o servidor..

Error - 04-04-2010 03:29:37 | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 08:29:34 - Erro ao ligar à Internet. 08:29:34 - Não é possível
contactar o servidor..

Error - 04-04-2010 04:29:42 | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 09:29:42 - Erro ao ligar à Internet. 09:29:42 - Não é possível
contactar o servidor..

Error - 04-04-2010 04:29:49 | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 09:29:47 - Erro ao ligar à Internet. 09:29:47 - Não é possível
contactar o servidor..

[ System Events ]
Error - 04-04-2010 17:06:10 | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7000
Description = O serviço adfs falhou o arranque devido ao seguinte erro: %%2

Error - 04-04-2010 17:20:10 | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou por Start com o seguinte erro: %%5

Error - 04-04-2010 17:20:10 | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7006
Description = A chamada ScRegSetValueExW falhou por Start com o seguinte erro: %%5

Error - 04-04-2010 19:03:13 | Computer Name = Angel-PC | Source = EventLog | ID = 6008
Description = O anterior encerramento do sistema, ?04-?04-?2010 às 23:59:53, foi
inesperado.

Error - 04-04-2010 19:03:10 | Computer Name = Angel-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 04-04-2010 19:03:10 | Computer Name = Angel-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 04-04-2010 19:03:18 | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7000
Description = O serviço adfs falhou o arranque devido ao seguinte erro: %%2

Error - 04-04-2010 19:10:03 | Computer Name = Angel-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 04-04-2010 19:10:03 | Computer Name = Angel-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 04-04-2010 19:10:12 | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7000
Description = O serviço adfs falhou o arranque devido ao seguinte erro: %%2


< End of report >

-----------------------------------

I just have a problem with GMER... The log is really really big...and it would make me need to post LOTS of replies...(443778 characters) I wonder why this happened...

Another thing I wanted to warn you about is a situation that occurred to me... This PC is the only one we have, so my brother and I tried to contact someone to help us, and if I'm not wrong he used Combofix or something...but the computer was still the same, plus, reformatting would be the only option...

When I searched for that information I really felt a bit mad because it seems that Combofix is a dangerous program and was used without knowing correctly, or he knew and did the things wrong?

What I know is that my computer is still the same (with the addition of redirection of Mozilla to a website of an MMORPG) and I really don't know if it's better to try to recover or reformat it...

I'm really sorry about this...but I thought you had to know about it...

IndiGenus
2010-04-08, 16:20
Hi and sorry for the delay in getting back to you here.

Per the instructions at the following post you must uninstall any and all P2P/BitTorrent/File Sharing Software prior to getting help here.

http://forums.spybot.info/showpost.php?p=218503&postcount=4

In your case that is uTorrent.

Please do so and run OTL again, posting the log. You will not get an extras log this time.

LightEvangeline
2010-04-11, 03:16
Hi!
No problem, I understand. ^^

But I'm here to let you know that there was no choice but to reformat my PC, since I couldn't even work on it decently...

Still, thanks a lot for your help really! It meant a lot to me...

But I have another problem that I wonder if you could help me out...

I installed a program on the computer, but somehow my antivirus detected a trojan there (maybe a false positive) and deleted its pre-defined "uninstall" button... I have no trojans now, but even uninstalling it from Windows still didn't get rid of it from my computer. (yeah, it still opens...)

It's not a bad one; honestly, it's a trustworthy program, but I'm thinking that in the future, when I need to upgrade it, I will need to uninstall the old version and install the new one, and since this happened I won't be able to do so...

In the end, how can I delete a program from a computer when there are no buttons to uninstall it? I also like to avoid system restores because they always bring me problems with other programs' activations and such...

Thanks a lot for the attention. You are the best!

IndiGenus
2010-04-11, 03:37
What program is it? And where did you get the program?

LightEvangeline
2010-04-11, 23:56
The program is called: Esnips Downloader, from the original website: esnips.com

A lot of people work with it just fine, and others could uninstall it perfectly (I have also used their uploader for a long time and it never gave me problems), but because the uninstall button got deleted, and since I tried to uninstall it from the Windows Control Panel and it didn't work, I wonder how to get rid of it now...

It's for downloading songs, but then I discovered another method to download instead of using their program, and so I wanted to uninstall it...so, I wonder what to do next...:sad:

IndiGenus
2010-04-12, 00:54
Hmmmm? Never heard of it. In the little research I did it sounds like it's bordering on breaking copyright infringements and such, like P2P downloading, and that's not supported here. One quick suggestion you could try, and this goes for any program that you run into this issue with, is to re-install over it, then try removing it again. It may even offer to repair the install when you go through it. Then you should be able to remove it properly.

Good luck and regards,
Dave

LightEvangeline
2010-04-12, 17:23
Oh, really? o.o No wonder I heard that it gave some people problems... Anyway, I tried to do that, but a message comes up saying that the program is already installed and suggests uninstalling it first so it can install the program again...

Maybe install it on another computer and copy the "uninstaller" file onto mine so I can uninstall it? I still wonder if it works, and the trojan bothers me...because I don't know if it was a false positive from the antivirus or really true... And if it can somehow damage my computer...

Thanks a lot for the help! ^^

IndiGenus
2010-04-12, 17:28
Don't really think just copying the uninstaller over will work.

You could try a 3rd party uninstaller like Revo (http://www.revouninstaller.com/).

I don't think the program itself will do, or has done any real damage. I think much more damage can be done by using these types of programs, like this one, and you also had uTorrent on there at one point. That's where the real dangerous Malware is going to come from. One bad download and it's all over....

IndiGenus
2010-04-19, 19:50
Hi,
Did you still want help here?

LightEvangeline
2010-04-22, 20:31
Hello there! Really sorry for the late reply... At first I was only seeing the first page during the days after my last reply, and this week I went on vacation for a few days, so I didn't notice your reply... :sad:

Anyway, I haven't tried the method of copying the uninstaller and if you say it won't work then I guess I will have this program till the end...

I installed that program now, but the icon doesn't appear, just like in the normal Windows Uninstaller...because what happened before made the program unable to detect it so it could uninstall it... Still, this is not a bad 3rd party uninstaller; maybe from now on I will uninstall programs through it, because I heard that the normal Uninstaller from Windows is not that good...

As for uTorrent, yeah, I sure need to be careful with downloads, even though the last one was from a direct one...still, it's not that good either...

It seems there's no solution for this one now, but it seems that the program itself is not causing any problem so far.

Thanks a lot for your entire attention and help really! :yes:

IndiGenus
2010-04-26, 18:27
Hi,

Just doing a follow up here...

Have you manually removed the program's folder? I would suggest doing that.

You could also contact their tech support and see if they can offer any help.

http://www.esnips.com/support/

Good luck and take care,
Dave